diff --git a/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml b/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml index dd6b1ea8623c..7a804e37e9d9 100644 --- a/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml +++ b/_vendor/github.com/docker/scout-cli/docs/docker_scout_sbom.yaml @@ -44,6 +44,7 @@ options: - list: list of packages of the image - json: json representation of the SBOM - spdx: spdx representation of the SBOM + - cyclonedx: cyclone dx representation of the SBOM deprecated: false hidden: false experimental: false diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md index cd95ab4df42c..bdb7f82921d0 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_cves.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_cves.md @@ -264,8 +264,8 @@ pkg:apk/alpine/zlib@1.2.12-r1?arch=aarch64&distro=alpine-3.16.1 ... 11 vulnerabilities found in 2 packages - LOW 0 - MEDIUM 8 - HIGH 2 CRITICAL 1 + HIGH 2 + MEDIUM 8 + LOW 0 ``` diff --git a/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md b/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md index bda5eb3d5b86..a335d5f83f2e 100644 --- a/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md +++ b/_vendor/github.com/docker/scout-cli/docs/scout_sbom.md @@ -5,13 +5,13 @@ Generate or display SBOM of an image ### Options -| Name | Type | Default | Description | -|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------------| -| `--format` | `string` | `json` | Output format:
- list: list of packages of the image
- json: json representation of the SBOM
- spdx: spdx representation of the SBOM | -| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
Can only be used with --format list | -| `-o`, `--output` | `string` | | Write the report to a file | -| `--platform` | `string` | | Platform of image to analyze | -| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive | +| Name | Type | Default | Description | +|:----------------------|:--------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `--format` | `string` | `json` | Output format:
- list: list of packages of the image
- json: json representation of the SBOM
- spdx: spdx representation of the SBOM
- cyclonedx: cyclone dx representation of the SBOM | +| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc)
Can only be used with --format list | +| `-o`, `--output` | `string` | | Write the report to a file | +| `--platform` | `string` | | Platform of image to analyze | +| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive | diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 9c9a249884f6..cdd949340b05 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -3,4 +3,4 @@ # github.com/docker/buildx v0.18.0 # github.com/docker/cli v27.3.2-0.20241008150905-cb3048fbebb1+incompatible # github.com/docker/compose/v2 v2.30.1 -# github.com/docker/scout-cli v1.13.0 +# github.com/docker/scout-cli v1.15.0 diff --git a/content/get-started/docker-concepts/the-basics/what-is-an-image.md b/content/get-started/docker-concepts/the-basics/what-is-an-image.md index fb31b9efb79b..72ed777ffe78 100644 --- a/content/get-started/docker-concepts/the-basics/what-is-an-image.md +++ b/content/get-started/docker-concepts/the-basics/what-is-an-image.md @@ -3,19 +3,17 @@ title: What is an image? weight: 20 keywords: concepts, build, images, container, docker desktop description: What is an image -aliases: - - /guides/docker-concepts/the-basics/what-is-an-image/ +aliases: + - /guides/docker-concepts/the-basics/what-is-an-image/ --- {{< youtube-embed NyvT9REqLe4 >}} ## Explanation -Seeing a [container](./what-is-a-container) is an isolated process, where does it get its files and configuration? How do you share those environments? +Seeing a [container](./what-is-a-container.md) is an isolated process, where does it get its files and configuration? How do you share those environments? -That's where container images come in! - -A container image is a standardized package that includes all of the files, binaries, libraries, and configurations to run a container. +That's where container images come in. A container image is a standardized package that includes all of the files, binaries, libraries, and configurations to run a container. For a [PostgreSQL](https://hub.docker.com/_/postgres) image, that image will package the database binaries, config files, and other dependencies. For a Python web app, it'll include the Python runtime, your app code, and all of its dependencies. 
@@ -23,7 +21,7 @@ There are two important principles of images: 1. Images are immutable. Once an image is created, it can't be modified. You can only make a new image or add changes on top of it. -2. Container images are composed of layers. Each layer represented a set of file system changes that add, remove, or modify files. +2. Container images are composed of layers. Each layer represents a set of file system changes that add, remove, or modify files. These two principles let you to extend or add to existing images. For example, if you are building a Python app, you can start from the [Python image](https://hub.docker.com/_/python) and add additional layers to install your app's dependencies and add your code. This lets you focus on your app, rather than Python itself. 
@@ -50,19 +48,18 @@ In this hands-on, you will learn how to search and pull a container image using 1. Open the Docker Desktop Dashboard and select the **Images** view in the left-hand navigation menu. - ![A screenshot of the Docker Desktop Dashboard showing the image view on the left sidebar](images/click-image.webp?border=true&w=1050&h=400) + ![A screenshot of the Docker Desktop Dashboard showing the image view on the left sidebar](images/click-image.webp?border=true&w=1050&h=400) 2. Select the **Search images to run** button. If you don't see it, select the _global search bar_ at the top of the screen. - ![A screenshot of the Docker Desktop Dashboard showing the search ta](images/search-image.webp?border) + ![A screenshot of the Docker Desktop Dashboard showing the search ta](images/search-image.webp?border) 3. In the **Search** field, enter "welcome-to-docker". Once the search has completed, select the `docker/welcome-to-docker` image. - ![A screenshot of the Docker Desktop Dashboard showing the search results for the docker/welcome-to-docker image](images/select-image.webp?border=true&w=1050&h=400) + ![A screenshot of the Docker Desktop Dashboard showing the search results for the docker/welcome-to-docker image](images/select-image.webp?border=true&w=1050&h=400) 4. Select **Pull** to download the image. - ### Learn about the image Once you have an image downloaded, you can learn quite a few details about the image either through the GUI or the CLI. 
@@ -71,13 +68,11 @@ Once you have an image downloaded, you can learn quite a few details about the i 2. Select the **docker/welcome-to-docker** image to open details about the image. - ![A screenshot of the Docker Desktop Dashboard showing the images view with an arrow pointing to the docker/welcome-to-docker image](images/pulled-image.webp?border=true&w=1050&h=400) + ![A screenshot of the Docker Desktop Dashboard showing the images view with an arrow pointing to the docker/welcome-to-docker image](images/pulled-image.webp?border=true&w=1050&h=400) 3. The image details page presents you with information regarding the layers of the image, the packages and libraries installed in the image, and any discovered vulnerabilities. - ![A screenshot of the image details view for the docker/welcome-to-docker image](images/image-layers.webp?border=true&w=1050&h=400) - - + ![A screenshot of the image details view for the docker/welcome-to-docker image](images/image-layers.webp?border=true&w=1050&h=400) {{< /tab >}} 
@@ -87,103 +82,101 @@ Follow the instructions to search and pull a Docker image using CLI to view its ### Search for and download an image -1. Open a terminal and search for images using the [`docker search`](/reference/cli/docker/search/) command: - - ```console - docker search docker/welcome-to-docker - ``` +1. Open a terminal and search for images using the [`docker search`](/reference/cli/docker/search.md) command: - You will see output like the following: + ```console + docker search docker/welcome-to-docker + ``` - ```console - NAME DESCRIPTION STARS OFFICIAL - docker/welcome-to-docker Docker image for new users getting started w… 20 - ``` + You will see output like the following: - This output shows you information about relevant images available on Docker Hub. + ```console + NAME DESCRIPTION STARS OFFICIAL + docker/welcome-to-docker Docker image for new users getting started w… 20 + ``` -2. Pull the image using the [`docker pull`](/reference/cli/docker/image/pull/) command. + This output shows you information about relevant images available on Docker Hub. - ```console - docker pull docker/welcome-to-docker - ``` +2. Pull the image using the [`docker pull`](/reference/cli/docker/image/pull.md) command. 
- You will see output like the following: + ```console + docker pull docker/welcome-to-docker + ``` - ```console - Using default tag: latest - latest: Pulling from docker/welcome-to-docker - 579b34f0a95b: Download complete - d11a451e6399: Download complete - 1c2214f9937c: Download complete - b42a2f288f4d: Download complete - 54b19e12c655: Download complete - 1fb28e078240: Download complete - 94be7e780731: Download complete - 89578ce72c35: Download complete - Digest: sha256:eedaff45e3c78538087bdd9dc7afafac7e110061bbdd836af4104b10f10ab693 - Status: Downloaded newer image for docker/welcome-to-docker:latest - docker.io/docker/welcome-to-docker:latest - ``` + You will see output like the following: - Each of line represents a different downloaded layer of the image. Remember that each layer is a set of filesystem changes and provides functionality of the image. + ```console + Using default tag: latest + latest: Pulling from docker/welcome-to-docker + 579b34f0a95b: Download complete + d11a451e6399: Download complete + 1c2214f9937c: Download complete + b42a2f288f4d: Download complete + 54b19e12c655: Download complete + 1fb28e078240: Download complete + 94be7e780731: Download complete + 89578ce72c35: Download complete + Digest: sha256:eedaff45e3c78538087bdd9dc7afafac7e110061bbdd836af4104b10f10ab693 + Status: Downloaded newer image for docker/welcome-to-docker:latest + docker.io/docker/welcome-to-docker:latest + ``` + Each of line represents a different downloaded layer of the image. Remember that each layer is a set of filesystem changes and provides functionality of the image. ### Learn about the image -1. List your downloaded images using the [`docker image ls`](/reference/cli/docker/image/ls/) command: - - ```console - docker image ls - ``` +1. 
List your downloaded images using the [`docker image ls`](/reference/cli/docker/image/ls.md) command: - You will see output like the following: + ```console + docker image ls + ``` - ```console - REPOSITORY TAG IMAGE ID CREATED SIZE - docker/welcome-to-docker latest eedaff45e3c7 4 months ago 29.7MB - ``` + You will see output like the following: - The command shows a list of Docker images currently available on your system. The `docker/welcome-to-docker` has a total size of approximately 29.7MB. + ```console + REPOSITORY TAG IMAGE ID CREATED SIZE + docker/welcome-to-docker latest eedaff45e3c7 4 months ago 29.7MB + ``` - > **Image size** - > - > The image size represented here reflects the uncompressed size of the image, not the download size of the layers. + The command shows a list of Docker images currently available on your system. The `docker/welcome-to-docker` has a total size of approximately 29.7MB. -2. List the image's layers using the [`docker image history`](/reference/cli/docker/image/history/) command: + > **Image size** + > + > The image size represented here reflects the uncompressed size of the image, not the download size of the layers. - ```console - docker image history docker/welcome-to-docker - ``` +2. 
List the image's layers using the [`docker image history`](/reference/cli/docker/image/history.md) command: - You will see output like the following: + ```console + docker image history docker/welcome-to-docker + ``` - ```console - IMAGE CREATED CREATED BY SIZE COMMENT - 648f93a1ba7d 4 months ago COPY /app/build /usr/share/nginx/html # buil… 1.6MB buildkit.dockerfile.v0 - 5 months ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B - 5 months ago /bin/sh -c #(nop) STOPSIGNAL SIGQUIT 0B - 5 months ago /bin/sh -c #(nop) EXPOSE 80 0B - 5 months ago /bin/sh -c #(nop) ENTRYPOINT ["/docker-entr… 0B - 5 months ago /bin/sh -c #(nop) COPY file:9e3b2b63db9f8fc7… 4.62kB - 5 months ago /bin/sh -c #(nop) COPY file:57846632accc8975… 3.02kB - 5 months ago /bin/sh -c #(nop) COPY file:3b1b9915b7dd898a… 298B - 5 months ago /bin/sh -c #(nop) COPY file:caec368f5a54f70a… 2.12kB - 5 months ago /bin/sh -c #(nop) COPY file:01e75c6dd0ce317d… 1.62kB - 5 months ago /bin/sh -c set -x && addgroup -g 101 -S … 9.7MB - 5 months ago /bin/sh -c #(nop) ENV PKG_RELEASE=1 0B - 5 months ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.25.3 0B - 5 months ago /bin/sh -c #(nop) LABEL maintainer=NGINX Do… 0B - 5 months ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B - 5 months ago /bin/sh -c #(nop) ADD file:ff3112828967e8004… 7.66MB - ``` + You will see output like the following: - This output shows you all of the layers, their sizes, and the command used to create the layer. 
+ ```console + IMAGE CREATED CREATED BY SIZE COMMENT + 648f93a1ba7d 4 months ago COPY /app/build /usr/share/nginx/html # buil… 1.6MB buildkit.dockerfile.v0 + 5 months ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B + 5 months ago /bin/sh -c #(nop) STOPSIGNAL SIGQUIT 0B + 5 months ago /bin/sh -c #(nop) EXPOSE 80 0B + 5 months ago /bin/sh -c #(nop) ENTRYPOINT ["/docker-entr… 0B + 5 months ago /bin/sh -c #(nop) COPY file:9e3b2b63db9f8fc7… 4.62kB + 5 months ago /bin/sh -c #(nop) COPY file:57846632accc8975… 3.02kB + 5 months ago /bin/sh -c #(nop) COPY file:3b1b9915b7dd898a… 298B + 5 months ago /bin/sh -c #(nop) COPY file:caec368f5a54f70a… 2.12kB + 5 months ago /bin/sh -c #(nop) COPY file:01e75c6dd0ce317d… 1.62kB + 5 months ago /bin/sh -c set -x && addgroup -g 101 -S … 9.7MB + 5 months ago /bin/sh -c #(nop) ENV PKG_RELEASE=1 0B + 5 months ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.25.3 0B + 5 months ago /bin/sh -c #(nop) LABEL maintainer=NGINX Do… 0B + 5 months ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B + 5 months ago /bin/sh -c #(nop) ADD file:ff3112828967e8004… 7.66MB + ``` - > **Viewing the full command** - > - > If you add the `--no-trunc` flag to the command, you will see the full command. Note that, since the output is in a table-like format, longer commands will cause the output to be very difficult to navigate. + This output shows you all of the layers, their sizes, and the command used to create the layer. + > **Viewing the full command** + > + > If you add the `--no-trunc` flag to the command, you will see the full command. Note that, since the output is in a table-like format, longer commands will cause the output to be very difficult to navigate. {{< /tab >}} {{< /tabs >}} 
@@ -194,12 +187,12 @@ In this walkthrough, you searched and pulled a Docker image. In addition to pull The following resources will help you learn more about exploring, finding, and building images: -- [Docker Trusted Content](/trusted-content/) - - [Docker Official Images docs](/trusted-content/official-images/) - - [Docker Verified Publisher docs](/trusted-content/dvp-program/) - - [Docker-Sponsored Open Source Program docs](/trusted-content/dsos-program/) -- [Explore the Image view in Docker Desktop](/desktop/use-desktop/images/) -- [Packaging your software](/build/building/packaging/) +- [Docker Trusted Content](/manuals/trusted-content/_index.md) + - [Docker Official Images docs](/manuals/trusted-content/official-images/_index.md) + - [Docker Verified Publisher docs](/manuals/trusted-content/dvp-program.md) + - [Docker-Sponsored Open Source Program docs](/manuals/trusted-content/dsos-program.md) +- [Explore the Image view in Docker Desktop](/manuals/desktop/use-desktop/images.md) +- [Docker Build overview](/manuals/build/concepts/overview.md) - [Docker Hub](https://hub.docker.com) ## Next steps diff --git a/content/get-started/workshop/02_our_app.md b/content/get-started/workshop/02_our_app.md index 0d01ca1744b6..0e2ee0bbc5ad 100644 --- a/content/get-started/workshop/02_our_app.md +++ b/content/get-started/workshop/02_our_app.md 
@@ -2,15 +2,17 @@ title: Containerize an application weight: 20 linkTitle: "Part 1: Containerize an application" -keywords: dockerfile example, Containerize an application, run docker file, running +keywords: | + dockerfile example, Containerize an application, run docker file, running docker file, how to run dockerfile, example dockerfile, how to create a docker container, create dockerfile, simple dockerfile, creating containers -description: Follow this step-by-step guide to learn how to create and run a containerized +description: | + Follow this step-by-step guide to learn how to create and run a containerized application using Docker aliases: - - /get-started/part2/ - - /get-started/02_our_app/ - - /guides/workshop/02_our_app/ + - /get-started/part2/ + - /get-started/02_our_app/ + - /guides/workshop/02_our_app/ --- For the rest of this guide, you'll be working with a simple todo 
@@ -49,68 +51,13 @@ Before you can run the application, you need to get the application source code To build the image, you'll need to use a Dockerfile. A Dockerfile is simply a text-based file with no file extension that contains a script of instructions. Docker uses this script to build a container image. -1. In the `getting-started-app` directory, the same location as the `package.json` file, create a file named `Dockerfile`. You can use the following commands to create a Dockerfile based on your operating system. - - {{< tabs >}} - {{< tab name="Mac / Linux / Windows (Git Bash)" >}} - - In the terminal, run the following commands. - - Make sure you're in the `getting-started-app` directory. Replace `/path/to/getting-started-app` with the path to your `getting-started-app` directory. - - ```console - $ cd /path/to/getting-started-app - ``` - - Create an empty file named `Dockerfile`. - - ```console - $ touch Dockerfile - ``` - - {{< /tab >}} - {{< tab name="Windows (Command Prompt)" >}} - - In the Windows Command Prompt, run the following commands. - - Make sure you're in the `getting-started-app` directory. Replace `\path\to\getting-started-app` with the path to your `getting-started-app` directory. - - ```console - $ cd \path\to\getting-started-app - ``` - - Create an empty file named `Dockerfile`. - - ```console - $ type nul > Dockerfile - ``` - - {{< /tab >}} - {{< tab name="Windows (PowerShell)" >}} - - In PowerShell, run the following commands. - - Make sure you're in the `getting-started-app` directory. Replace `\path\to\getting-started-app` with the path to your `getting-started-app` directory. - - ```console - $ cd \path\to\getting-started-app - ``` - - Create an empty file named `Dockerfile`. - - ```powershell - $ New-Item -Path . -Name Dockerfile -ItemType File - ``` - - {{< /tab >}} - {{< /tabs >}} - -2. Using a text editor or code editor, add the following contents to the Dockerfile: +1. 
In the `getting-started-app` directory, the same location as the + `package.json` file, create a file named `Dockerfile` with the following contents: ```dockerfile # syntax=docker/dockerfile:1 - - FROM node:18-alpine + + FROM node:lts-alpine WORKDIR /app COPY . . RUN yarn install --production @@ -118,7 +65,12 @@ To build the image, you'll need to use a Dockerfile. A Dockerfile is simply a te EXPOSE 3000 ``` -3. Build the image using the following commands: + This Dockerfile starts off with a `node:lts-alpine` base image, a + light-weight Linux image that comes with Node.js and the Yarn package + manager pre-installed. It copies all of the source code into the image, + installs the necessary dependencies, and starts the application. + +2. Build the image using the following commands: In the terminal, make sure you're in the `getting-started-app` directory. Replace `/path/to/getting-started-app` with the path to your `getting-started-app` directory. 
@@ -127,11 +79,12 @@ To build the image, you'll need to use a Dockerfile. A Dockerfile is simply a te ``` Build the image. + ```console $ docker build -t getting-started . ``` - The `docker build` command uses the Dockerfile to build a new image. You might have noticed that Docker downloaded a lot of "layers". This is because you instructed the builder that you wanted to start from the `node:18-alpine` image. But, since you didn't have that on your machine, Docker needed to download the image. + The `docker build` command uses the Dockerfile to build a new image. You might have noticed that Docker downloaded a lot of "layers". This is because you instructed the builder that you wanted to start from the `node:lts-alpine` image. But, since you didn't have that on your machine, Docker needed to download the image. After Docker downloaded the image, the instructions from the Dockerfile copied in your application and used `yarn` to install your application's dependencies. The `CMD` directive specifies the default command to run when starting a container from this image. 
@@ -146,30 +99,27 @@ Now that you have an image, you can run the application in a container using the 1. Run your container using the `docker run` command and specify the name of the image you just created: ```console - $ docker run -dp 127.0.0.1:3000:3000 getting-started + $ docker run -d -p 127.0.0.1:3000:3000 getting-started ``` The `-d` flag (short for `--detach`) runs the container in the background. This means that Docker starts your container and returns you to the terminal - prompt. You can verify that a container is running by viewing it in Docker - Dashboard under **Containers**, or by running `docker ps` in the terminal. + prompt. - The `-p` flag (short for `--publish`) creates a port mapping between the host - and the container. The `-p` flag takes a string value in the format of - `HOST:CONTAINER`, where `HOST` is the address on the host, and `CONTAINER` is - the port on the container. The command publishes the container's port 3000 to - `127.0.0.1:3000` (`localhost:3000`) on the host. Without the port mapping, - you wouldn't be able to access the application from the host. + The `-p` flag (short for `--publish`) creates a port mapping between the + host and the container. The `-p` flag takes a string value in the format of + `HOST:CONTAINER`, where `HOST` is the address on the host, and `CONTAINER` + is the port on the container. The command publishes the container's port + 3000 to `127.0.0.1:3000` (`localhost:3000`) on the host. Without the port + mapping, you wouldn't be able to access the application from the host. 2. After a few seconds, open your web browser to [http://localhost:3000](http://localhost:3000). You should see your app. ![Empty todo list](images/todo-list-empty.webp) - 3. Add an item or two and see that it works as you expect. You can mark items as complete and remove them. Your frontend is successfully storing items in the backend. - At this point, you have a running todo list manager with a few items. 
If you take a quick look at your containers, you should see at least one container running that's using the `getting-started` image and on port `3000`. To see your containers, you can use the CLI or Docker Desktop's graphical interface. @@ -177,12 +127,14 @@ If you take a quick look at your containers, you should see at least one contain {{< tabs >}} {{< tab name="CLI" >}} -Run the following `docker ps` command in a terminal to list your containers. +Run the `docker ps` command in a terminal to list your containers. ```console $ docker ps ``` + Output similar to the following should appear. + ```console CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES df784548666d getting-started "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 127.0.0.1:3000->3000/tcp priceless_mcclintock @@ -204,8 +156,8 @@ In this section, you learned the basics about creating a Dockerfile to build an Related information: - - [Dockerfile reference](/reference/dockerfile/) - - [docker CLI reference](/reference/cli/docker/) +- [Dockerfile reference](/reference/dockerfile/) +- [docker CLI reference](/reference/cli/docker/) ## Next steps diff --git a/content/get-started/workshop/05_persisting_data.md b/content/get-started/workshop/05_persisting_data.md index 5e5864cde496..fb1b925deca8 100644 --- a/content/get-started/workshop/05_persisting_data.md +++ b/content/get-started/workshop/05_persisting_data.md 
@@ -21,43 +21,37 @@ changes won't be seen in another container, even if they're using the same image ### See this in practice -To see this in action, you're going to start two containers. In one container, you'll create a file. In the other container, you'll verify the file exists. -What you'll see is that the file created in one container isn't available in another. +To see this in action, you're going to start two containers. In one container, +you'll create a file. In the other container, you'll check whether that same +file exists. -1. Start an Alpine container and access its shell. +1. Start an Alpine container and create a new file in it. ```console - $ docker run -ti --name=mytest alpine + $ docker run --rm alpine touch greeting.txt ``` -2. In the container, create a `greeting.txt` file with `hello` inside. + > [!TIP] + > Any commands you specify after the image name (in this case, `alpine`) + > are executed inside the container. In this case, the command `touch + > greeting.txt` puts a file named `greeting.txt` on the container's filesystem. - ```console - / # echo "hello" > greeting.txt - ``` - -3. Exit the container. - - ```console - / # exit - ``` - -4. Run a new Alpine container and use the `cat` command to verify that the - file does not exist. +2. Run a new Alpine container and use the `stat` command to check whether the file exists. ```console - $ docker run alpine cat greeting.txt + $ docker run --rm alpine stat greeting.txt ``` You should see output similar to the following that indicates the file does not exist in the new container. ```console - cat: can't open 'greeting.txt': No such file or directory + stat: can't stat 'greeting.txt': No such file or directory ``` -5. Go ahead and remove the containers using `docker ps --all` to get the IDs, - and then `docker rm -f ` to remove the containers. - +The `greeting.txt` file created by the first container did not exist in the +second container. 
That is because the writeable "top layer" of each container +is isolated. Even though both containers shared the same underlying layers that +make up the base image, the writable layer is unique to each container. ## Container volumes diff --git a/content/guides/python/deploy.md b/content/guides/python/deploy.md index d071722d4715..6b955d93ceb4 100644 --- a/content/guides/python/deploy.md +++ b/content/guides/python/deploy.md @@ -115,7 +115,7 @@ spec: spec: containers: - name: fastapi-service - image: technox64/python-docker-dev-example-test:latest + image: DOCKER_USERNAME/REPO_NAME imagePullPolicy: Always env: - name: POSTGRES_PASSWORD diff --git a/content/manuals/compose/how-tos/lifecycle.md b/content/manuals/compose/how-tos/lifecycle.md index aa332877e9e3..d044f1bed13d 100644 --- a/content/manuals/compose/how-tos/lifecycle.md +++ b/content/manuals/compose/how-tos/lifecycle.md @@ -6,6 +6,8 @@ desription: How to use lifecycle hooks with Docker Compose keywords: cli, compose, lifecycle, hooks reference --- +{{< introduced compose 2.30.0 "../releases/release-notes.md#2300" >}} + ## Services lifecycle hooks When Docker Compose runs a container, it uses two elements, @@ -63,3 +65,8 @@ services: pre_stop: - command: ./data_flush.sh ``` + +## Reference information + +- [`post_start`](/reference/compose-file/services.md#post_start) +- [`pre_stop`](/reference/compose-file/services.md#pre_stop) diff --git a/content/manuals/engine/daemon/alternative-runtimes.md b/content/manuals/engine/daemon/alternative-runtimes.md index 854f73e09797..95bb542642de 100644 --- a/content/manuals/engine/daemon/alternative-runtimes.md +++ b/content/manuals/engine/daemon/alternative-runtimes.md 
@@ -30,7 +30,7 @@ You can also use runtimes designed as drop-in replacements for runc. Such runtimes depend on the runc containerd shim for invoking the runtime binary. You must manually register such runtimes in the daemon configuration. -[youki](https://github.com/containers/youki) +[youki](https://github.com/youki-dev/youki) is one example of a runtime that can function as a runc drop-in replacement. Refer to the [youki example](#youki) explaining the setup. diff --git a/content/manuals/scout/release-notes/cli.md b/content/manuals/scout/release-notes/cli.md index 5c2f9eacc392..c43e69e00814 100644 --- a/content/manuals/scout/release-notes/cli.md +++ b/content/manuals/scout/release-notes/cli.md 
@@ -9,6 +9,43 @@ This page contains information about the new features, improvements, known issues, and bug fixes in the Docker Scout [CLI plugin](https://github.com/docker/scout-cli/) and the `docker/scout-action` [GitHub Action](https://github.com/docker/scout-action). +## 1.15.0 + +{{< release-date date="2024-10-31" >}} + +### New + +- New `--format=cyclonedx` flag for the `docker scout sbom` to output the SBOM in CycloneDX format. + +### Enhancements + +- Use high-to-low sort order for CVE summary. +- Support for enabling and disabling repositories that enabled by `docker scout push` or `docker scout watch`. + +### Bug fixes + +- Improve messaging when analyzing `oci` directories without attestations. + Only single-platform images and multi-platform image _with attestations_ are supported. + Multi-platform images without attestations are not supported. +- Improve classifiers and SBOM indexer: + - Add classifier for Liquibase `lpm`. + - Add Rakudo Star/MoarVM binary classifier. + - Add binary classifiers for silverpeas utilities. +- Improve reading and caching of attestations with the containerd image store. + +## 1.14.0 + +{{< release-date date="2024-09-24" >}} + +### New + +- Add suppression information at the CVE level in the `docker scout cves` command. + +### Bug fixes + +- Fix listing CVEs for dangling images, for example: `local://sha256:...` +- Fix panic when analysing a file system input, for instance with `docker scout cves fs://.` + ## 1.13.0 {{< release-date date="2024-08-05" >}} diff --git a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/features-benefits.md b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/features-benefits.md index ac55982f881b..494e2d4a745e 100644 --- a/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/features-benefits.md +++ b/content/manuals/security/for-admins/hardened-desktop/enhanced-container-isolation/features-benefits.md 
@@ -235,10 +235,10 @@ Desktop Linux VM (e.g., 100000->165535). Moreover, each container gets an exclusive range of real user-IDs in the Linux VM (e.g., container 0 could get mapped to 100000->165535, container 2 to -165536->231071, container 3 to 231072->296607, and so on). Same applies to +165536->231071, container 3 to 231072->296607, and so on). The same applies to group-IDs. In addition, if a container is stopped and restarted, there is no -guarantee it will receive the same mapping as before. This by design and further -improves security. +guarantee it will receive the same mapping as before. This is by design and +further improves security. However the above presents a problem when mounting Docker volumes into containers, as the files written to such volumes will have the real diff --git a/content/manuals/security/for-admins/roles-and-permissions.md b/content/manuals/security/for-admins/roles-and-permissions.md index 517088b771ed..5165ee39d2bc 100644 --- a/content/manuals/security/for-admins/roles-and-permissions.md +++ b/content/manuals/security/for-admins/roles-and-permissions.md 
@@ -9,30 +9,35 @@ aliases: weight: 40 --- -Organization and company owners can assign roles to individuals giving them different permissions in the organization. This section is for owners who want to learn about the defined roles and their permission scopes. +Organization and company owners can assign roles to individuals giving them different permissions in the organization. This guide outlines Docker's organization roles and their permission scopes. ## Roles -When you invite users to your organization, you assign a role. A role is a collection of permissions. Roles define access to perform actions like creating repositories, pulling images, creating teams, and configuring organization settings. +When you invite users to your organization, you assign them a role. A role is a collection of permissions. Roles define whether users can create repositories, pull images, create teams, and configure organization settings. The following roles are available to assign: -- **Member** - Non-administrative role. Members can view other members that are in the same organization. -- **Editor** - Partial administrative access to the organization. Editors can create, edit, and delete repositories. They can also edit an existing team's access permissions. -- **Organization owner** - Full organization administrative access. Organization owners can manage organization repositories, teams, members, settings, and billing. -- **Company owner** - In addition to the permissions of an organization owner, company owners can configure settings for their associated organizations. +- Member: Non-administrative role. Members can view other members that are in the same organization. +- Editor: Partial administrative access to the organization. Editors can create, edit, and delete repositories. They can also edit an existing team's access permissions. +- Organization owner: Full organization administrative access. 
Organization owners can manage organization repositories, teams, members, settings, and billing. +- Company owner: In addition to the permissions of an organization owner, company owners can configure settings for their associated organizations. -Owners can manage roles for members of an organization on [Docker Hub](/manuals/admin/organization/members.md#update-a-member-role), as well members of an [organization](/manuals/admin/organization/members.md#update-a-member-role) or a [company](/manuals/admin/company/users.md#update-a-member-role) in the [Docker Admin Console](/manuals/admin/_index.md). +Owners can manage roles for members of an organization using Docker Hub or the Admin Console: +- Update a member role in [Docker Hub](/manuals/admin/organization/members.md#update-a-member-role) +- Update an organization's members or company in the [Admin Console](/manuals/admin/company/users.md#update-a-member-role) +- Learn more about [organizations and companies](/manuals/admin/_index.md) ## Permissions +> [!NOTE] +> +> Company owners have the same access as organization owners for all associated organizations. For more information, see [Company overview](/admin/company/). + The following sections describe the permissions for each role. ### Content and registry permissions -The following outlines content and registry permissions for member, editor, and organization owner roles. These permissions and roles apply to the entire organization, including all the repositories in the namespace for the organization. - -Company owners have the same access as organization owners for all associated organizations. See [Company overview](/admin/company/). +The following table outlines content and registry permissions for member, editor, and organization owner roles. These permissions and roles apply to the entire organization, including all the repositories in the namespace for the organization. 
| Permission | Member | Editor | Organization owner | | :---------------------------------------------------- | :----- | :----- | :----------------- | @@ -53,13 +58,13 @@ Company owners have the same access as organization owners for all associated or When you add members to a team, you can manage their repository permissions. For team repository permissions, see [Create and manage a team permissions reference](/manuals/admin/organization/manage-a-team.md#permissions-reference). -See the following diagram for an example of how permissions may work for a user. In this example, the first permission check is for the role: member or editor. Editors have administrative permissions for repositories across the namespace of the organization. Members may have administrative permissions for a repository if they're a member of a team that grants those permissions. +The following diagram provides an example of how permissions may work for a user. In this example, the first permission check is for the role: member or editor. Editors have administrative permissions for repositories across the namespace of the organization. Members may have administrative permissions for a repository if they're a member of a team that grants those permissions. ![User repository permissions within an organization](../images/roles-and-permissions-member-editor-roles.png) ### Organization management permissions -The following outlines organization management permissions for member, editor, organization owner, and company owner roles. +The following table outlines organization management permissions for member, editor, organization owner, and company owner roles. | Permission | Member | Editor | Organization owner | Company owner | | :---------------------------------------------------------------- | :----- | :----- | :----------------- | :------------ | 
@@ -76,8 +81,8 @@ The following outlines organization management permissions for member, editor, o | Registry Access Management | ❌ | ❌ | ✅ | ✅ | | Set up Single Sign-On (SSO) and SCIM | ❌ | ❌ | ✅ \* | ✅ | | Require Docker Desktop sign-in | ❌ | ❌ | ✅ \* | ✅ | -| Manage billing information (e.g. billing address) | ❌ | ❌ | ✅ | ✅ | -| Manage payment methods (e.g. credit card or invoice) | ❌ | ❌ | ✅ | ✅ | +| Manage billing information (for example, billing address) | ❌ | ❌ | ✅ | ✅ | +| Manage payment methods (for example, credit card or invoice) | ❌ | ❌ | ✅ | ✅ | | View billing history | ❌ | ❌ | ✅ | ✅ | | Manage subscriptions | ❌ | ❌ | ✅ | ✅ | | Manage seats | ❌ | ❌ | ✅ | ✅ | @@ -85,9 +90,9 @@ The following outlines organization management permissions for member, editor, o _\* If not part of a company_ -### Docker Scout +### Docker Scout permissions -The following outlines Docker Scout management permissions for member, editor, and organization owner roles. +The following table outlines Docker Scout management permissions for member, editor, and organization owner roles. | Permission | Member | Editor | Organization owner | | :---------------------------------------------------- | :----- | :----- | :----------------- | @@ -97,9 +102,9 @@ The following outlines Docker Scout management permissions for member, editor, a | Create environments | ❌ | ❌ | ✅ | | Manage registry integrations | ❌ | ❌ | ✅ | -### Docker Build Cloud +### Docker Build Cloud permissions -The following outlines Docker Build Cloud management permissions for member, editor, and organization owner roles. +The following table outlines Docker Build Cloud management permissions for member, editor, and organization owner roles. | Permission | Member | Editor | Organization owner | | ---------------------------- | :----- | :----- | :----------------- | 
diff --git a/content/manuals/security/for-admins/single-sign-on/manage.md b/content/manuals/security/for-admins/single-sign-on/manage.md index ddc54606846e..26455b24794f 100644 --- a/content/manuals/security/for-admins/single-sign-on/manage.md +++ b/content/manuals/security/for-admins/single-sign-on/manage.md 
@@ -54,24 +54,39 @@ aliases: ## Manage users -{{< tabs >}} -{{< tab name="Admin Console" >}} +> [!IMPORTANT] +> +> SSO has Just-In-Time (JIT) Provisioning enabled by default unless you have [disabled it](/security/for-admins/provisioning/just-in-time/#sso-authentication-with-jit-provisioning-disabled). This means your users are auto-provisioned to your organization. +> +> You can change this on a per-app basis. To prevent auto-provisioning users, you can create a security group in your IdP and configure the SSO app to authenticate and authorize only those users that are in the security group. Follow the instructions provided by your IdP: +> +> - [Okta](https://help.okta.com/en-us/Content/Topics/Security/policies/configure-app-signon-policies.htm) +> - [Entra ID (formerly Azure AD)](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users) +> +> Alternatively, see the [Provisioning overview](/manuals/security/for-admins/provisioning/_index.md) guide. -{{< include "admin-early-access.md" >}} -{{% admin-sso-management-users product="admin" %}} +### Add guest users when SSO is enabled -{{< /tab >}} -{{< tab name="Docker Hub" >}} +To add a guest that isn't verified through your IdP: -{{% admin-sso-management-users product="hub" %}} +1. Sign in to the [Admin Console](https://app.docker.com/admin). +2. Select **Organizations**, your organization, and then **Members**. +3. Select **Invite**. +4. Follow the on-screen instructions to invite the user. -{{< /tab >}} -{{< /tabs >}} +### Remove users from the SSO company + +To remove a user: + +1. Sign in to [Admin Console](https://app.docker.com/admin). +2. Select **Organizations**, your organization, and then **Members**. +3. Select the action icon next to a user’s name, and then select **Remove member**, if you're an organization, or **Remove user**, if you're a company. +4. Follow the on-screen instructions to remove the user. 
## Manage provisioning -Users are provisioned with Just-in-Time (JIT) provisioning by default. If you enable SCIM, you can disable JIT. For more information, see the [Provisioning overview](/manuals/security/for-admins/provisioning/_index.md) [Just-in-Time](/manuals/security/for-admins/provisioning/just-in-time.md) guides. +Users are provisioned with Just-in-Time (JIT) provisioning by default. If you enable SCIM, you can disable JIT. For more information, see the [Provisioning overview](/manuals/security/for-admins/provisioning/_index.md) guide. ## What's next? diff --git a/content/manuals/subscription/build-cloud/manage-seats.md b/content/manuals/subscription/build-cloud/manage-seats.md index de3599c277db..3c1a0cdcc248 100644 --- a/content/manuals/subscription/build-cloud/manage-seats.md +++ b/content/manuals/subscription/build-cloud/manage-seats.md @@ -40,4 +40,4 @@ As an owner of the Docker Build Cloud team, you can invite members to access clo Invitees receive an email with instructions on how they can accept the invite. After they accept, the seat will be marked as **Allocated** in the **User management** section in the Docker Build Cloud dashboard. -For more information on the permissions granted to members, see [Roles and permissions](/security/for-admins/roles-and-permissions#docker-build-cloud). +For more information on the permissions granted to members, see [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md#docker-build-cloud). \ No newline at end of file diff --git a/content/reference/compose-file/services.md b/content/reference/compose-file/services.md index 24906a00d3df..798b3ad69e3e 100644 --- a/content/reference/compose-file/services.md +++ b/content/reference/compose-file/services.md 
@@ -1505,6 +1505,39 @@ ports: mode: host ``` +## post_start + +{{< introduced compose 2.30.0 "../../manuals/compose/releases/release-notes.md#2300" >}} + +`post_start` defines a sequence of lifecycle hooks to run after a container has started. The exact timing of when the command is run is not guaranteed. + +- `command`: Specifies the command to run once the container starts. This attribute is required, and you can choose to use either the shell form or the exec form. +- `user`: The user to run the command. If not set, the command is run with the same user as the main service command. +- `privileged`: Lets the `post_start` command run with privileged access. +- `working_dir`: The working directory in which to run the command. If not set, it is run in the same working directory as the main service command. +- `environment`: Sets environment variables specifically for the `post_start` command. While the command inherits the environment variables defined for the service’s main command, this section lets you add new variables or override existing ones. + +```yaml +services: + test: + post_start: + - command: ./do_something_on_startup.sh + user: root + privileged: true + environment: + - FOO=BAR +``` + +For more information, see [Use lifecycle hooks](/manuals/compose/how-tos/lifecycle.md). + +## pre_stop + +{{< introduced compose 2.30.0 "../../manuals/compose/releases/release-notes.md#2300" >}} + +`pre_stop` defines a sequence of lifecycle hooks to run before the container is stopped. These hooks won't run if the container stops by itself or is terminated suddenly. + +Configuration is equivalent to [`post_start](#post_start). + ### privileged `privileged` configures the service container to run with elevated privileges. Support and actual impacts are platform specific. diff --git a/go.mod b/go.mod index 86222084472e..7734ed7282ff 100644 --- a/go.mod +++ b/go.mod 
@@ -6,7 +6,7 @@ require ( github.com/docker/buildx v0.18.0 // indirect github.com/docker/cli v27.3.2-0.20241008150905-cb3048fbebb1+incompatible // indirect github.com/docker/compose/v2 v2.30.1 // indirect - github.com/docker/scout-cli v1.13.0 // indirect + github.com/docker/scout-cli v1.15.0 // indirect github.com/moby/buildkit v0.17.0 // indirect github.com/moby/moby v27.3.1+incompatible // indirect ) @@ -15,7 +15,7 @@ replace ( github.com/docker/buildx => github.com/docker/buildx v0.18.0 github.com/docker/cli => github.com/docker/cli v27.3.1+incompatible github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.30.1 - github.com/docker/scout-cli => github.com/docker/scout-cli v1.13.0 + github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0 github.com/moby/buildkit => github.com/moby/buildkit v0.17.0 github.com/moby/moby => github.com/moby/moby v27.3.1+incompatible ) diff --git a/go.sum b/go.sum index 685216fc85a5..90c52f3f406c 100644 --- a/go.sum +++ b/go.sum @@ -228,6 +228,8 @@ github.com/docker/scout-cli v1.12.0 h1:NhmT4BzL2lYiIk5hPFvK5FzQ8izbLDL3/Rugcyulv github.com/docker/scout-cli v1.12.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc= github.com/docker/scout-cli v1.13.0 h1:RThUM56yooV5izqgMEYQS+a6Yx+vGmZofJwX0qjgkco= github.com/docker/scout-cli v1.13.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc= +github.com/docker/scout-cli v1.15.0 h1:VhA9niVftEyZ9f5KGwKnrSfQOp2X3uIU3VbE/gTVMTM= +github.com/docker/scout-cli v1.15.0/go.mod h1:Eo1RyCJsx3ldz/YTY5yGxu9g9mwTYbRUutxQUkow3Fc= github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= 
diff --git a/layouts/shortcodes/admin-sso-management-connections.md b/layouts/shortcodes/admin-sso-management-connections.md index 740e195a6bb5..fe185d858186 100644 --- a/layouts/shortcodes/admin-sso-management-connections.md +++ b/layouts/shortcodes/admin-sso-management-connections.md @@ -2,7 +2,7 @@ {{ $sso_navigation := `Navigate to the SSO settings page for your organization. Select **Organizations**, your organization, **Settings**, and then **Security**.` }} {{ if eq (.Get "product") "admin" }} - {{ $product_link = "the [Admin Console](https://admin.docker.com)" }} + {{ $product_link = "the [Admin Console](https://app.docker.com/admin)" }} {{ $sso_navigation = "Select your organization or company in the left navigation drop-down menu, and then select **SSO and SCIM**. Note that when an organization is part of a company, you must select the company and configure SSO for that organization at the company level. Each organization can have its own SSO configuration and domain, but it must be configured at the company level." }} {{ end }} @@ -11,7 +11,7 @@ 1. Sign in to {{ $product_link }}. 2. {{ $sso_navigation }} 3. In the SSO connections table, select the **Action** icon. -4. Select **Edit connection** to edit your connection. +4. Select **Edit connection**. 5. Follow the on-screen instructions to edit the connection. ### Delete a connection @@ -24,4 +24,4 @@ ### Deleting SSO -When you disable SSO, you can delete the connection to remove the configuration settings and the added domains. Once you delete this connection, it can't be undone. Users must authenticate with their Docker ID and password or create a password reset if they don't have one. \ No newline at end of file +When you disable SSO, you can delete the connection to remove the configuration settings and the added domains. Once you delete this connection, it can't be undone. If an SSO connection is deleted, Docker users must authenticate with their Docker ID and password. \ No newline at end of file 
diff --git a/layouts/shortcodes/admin-sso-management-orgs.md b/layouts/shortcodes/admin-sso-management-orgs.md index 232c3b1164b4..db97b8b12d4a 100644 --- a/layouts/shortcodes/admin-sso-management-orgs.md +++ b/layouts/shortcodes/admin-sso-management-orgs.md @@ -1,7 +1,7 @@ {{ $product_link := "[Docker Hub](https://hub.docker.com)" }} {{ $sso_navigation := "Select **Organizations**, your company, and then **Settings**." }} {{ if eq (.Get "product") "admin" }} - {{ $product_link = "the [Admin Console](https://admin.docker.com)" }} + {{ $product_link = "the [Admin Console](https://app.docker.com/admin)" }} {{ $sso_navigation = "Select your company in the left navigation drop-down menu, and then select **SSO and SCIM**." }} {{ end }} @@ -13,7 +13,7 @@ 4. Select **Next** to navigate to the section where connected organizations are listed. 5. In the **Organizations** drop-down, select the organization to add to the connection. 6. Select **Next** to confirm or change the default organization and team provisioning. -7. Review the **Connection Summary** and select **Save**. +7. Review the **Connection Summary** and select **Update connection**. ### Remove an organization @@ -23,4 +23,4 @@ 4. Select **Next** to navigate to the section where connected organizations are listed. 5. In the **Organizations** drop-down, select **Remove** to remove the connection. 6. Select **Next** to confirm or change the default organization and team provisioning. -7. Review the **Connection Summary** and select **Save**. +7. Review the **Connection Summary** and select **Update connection**. diff --git a/layouts/shortcodes/admin-sso-management-users.md b/layouts/shortcodes/admin-sso-management-users.md deleted file mode 100644 index baf6a15ebeca..000000000000 --- a/layouts/shortcodes/admin-sso-management-users.md +++ /dev/null 
@@ -1,48 +0,0 @@ -{{ $product_link := "[Docker Hub](https://hub.docker.com)" }} -{{ $sso_navigation := `Navigate to the SSO settings page for your organization or company. - - Organization: Select **Organizations**, your organization, **Settings**, and then **Security**. - - Company: Select **Organizations**, your company, and then **Settings**.` }} -{{ $member_navigation := "Select **Organizations**, your organization, and then **Members**." }} -{{ $invite_button := "**Invite members**" }} -{{ $remove_button := "**Remove member**" }} -{{ $provisioning_steps := "This feature is only available in the Admin Console."}} - -{{ if eq (.Get "product") "admin" }} - {{ $product_link = "the [Admin Console](https://admin.docker.com)" }} - {{ $invite_button = "**Invite**" }} - {{ $sso_navigation = "Select your organization or company in the left navigation drop-down menu, and then select **SSO and SCIM**." }} - {{ $member_navigation = `Navigate to the user management page for your organization or company. - - Organization: Select your organization in the left navigation drop-down menu, and then select **Members**. - - Company: Select your company in the left navigation drop-down menu, and then select **Users**.` }} - {{ $remove_button = "**Remove member**, if you're an organization, or **Remove user**, if you're a company" }} - -> [!IMPORTANT] -> -> SSO has Just-In-Time (JIT) Provisioning enabled by default unless you have [disabled it](/security/for-admins/provisioning/just-in-time/#sso-authentication-with-jit-provisioning-disabled). This means your users are auto-provisioned to your organization. -> -> You can change this on a per-app basis. To prevent auto-provisioning users, you can create a security group in your IdP and configure the SSO app to authenticate and authorize only those users that are in the security group. 
Follow the instructions provided by your IdP: -> -> - [Okta](https://help.okta.com/en-us/Content/Topics/Security/policies/configure-app-signon-policies.htm) -> - [Entra ID (formerly Azure AD)](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users) -> -> Alternatively, see [Manage how users are provisioned](/manuals/security/for-admins/single-sign-on/manage.md). - - -### Add guest users when SSO is enabled - -To add a guest that isn't verified through your IdP: - -1. Sign in to {{ $product_link }}. -2. {{ $member_navigation }} -3. Select {{ $invite_button }}. -4. Follow the on-screen instructions to invite the user. - -### Remove users from the SSO company - -To remove a user: - -1. Sign in to {{ $product_link }}. -2. {{ $member_navigation }} -3. Select the action icon next to a user’s name, and then select {{ $remove_button }}. -4. Follow the on-screen instructions to remove the user. -{{ end }} \ No newline at end of file diff --git a/layouts/shortcodes/admin-sso-management.md b/layouts/shortcodes/admin-sso-management.md index fe1d218cccf8..bbf168e306ed 100644 --- a/layouts/shortcodes/admin-sso-management.md +++ b/layouts/shortcodes/admin-sso-management.md @@ -2,7 +2,7 @@ {{ $sso_navigation := `Navigate to the SSO settings page for your organization. Select **Organizations**, your organization, **Settings**, and then **Security**.` }} {{ if eq (.Get "product") "admin" }} - {{ $product_link = "the [Admin Console](https://admin.docker.com)" }} + {{ $product_link = "the [Admin Console](https://app.docker.com/admin)" }} {{ $sso_navigation = "Select your organization or company in the left navigation drop-down menu, and then select **SSO and SCIM**." }} {{ end }} 
@@ -15,8 +15,8 @@ 5. In the **Domain** drop-down, select the **x** icon next to the domain that you want to remove. 6. Select **Next** to confirm or change the connected organization(s). 7. Select **Next** to confirm or change the default organization and team provisioning selections. -8. Review the **Connection Summary** and select **Save**. +8. Review the **Connection Summary** and select **Update connection**. -> **Note** +> [!Note] > > If you want to re-add the domain, a new TXT record value is assigned. You must then complete the verification steps with the new TXT record value.
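Review bot: In the Docker Scout release notes hunk, the `## 1.15.0` enhancement "Support for enabling and disabling repositories that enabled by `docker scout push` or `docker scout watch`" is missing a verb and should read "that are enabled by". In the same entry, "flag for the `docker scout sbom` to output the SBOM" needs "command" after the command name, and "multi-platform image _with attestations_" should be plural to match "single-platform images". The 1.14.0 entry spells "analysing" while 1.15.0 uses "analyzing"; pick one spelling.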
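Review bot: In the enhanced-container-isolation hunk, the example mapping still counts "container 0 ... container 2 ... container 3", skipping container 1, and the reworded line keeps "container 3 to 231072->296607". Since this sentence is being edited anyway, renumber the examples to 0, 1, 2 so the three ranges read as consecutive containers.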
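Review bot: In the first roles-and-permissions hunk, the new bullet "Update an organization's members or company in the [Admin Console](/manuals/admin/company/users.md#update-a-member-role)" links only to the company users page, while the sentence it replaces linked organization members to `/manuals/admin/organization/members.md#update-a-member-role` and company users separately. An organization owner following the Admin Console bullet now lands on company instructions. Split it into one bullet per target, which also fixes the awkward "members or company" wording.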
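Review bot: In the `single-sign-on/manage.md` hunk, step 2 of both new procedures hardcodes the organization path ("Select **Organizations**, your organization, and then **Members**"), yet the section is titled "Remove users from the SSO company" and step 3 still offers "**Remove user**, if you're a company". The deleted shortcode carried a separate company path (select the company, then **Users**); either restore that path here or drop the company wording from step 3. Two smaller points: the JIT link uses `/security/for-admins/provisioning/just-in-time/#...` while the other links in this hunk use the `/manuals/...md` form, and the steps alternate between "Sign in to the [Admin Console]" and "Sign in to [Admin Console]".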
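Review bot: In the `build-cloud/manage-seats.md` hunk, the updated link still targets the `#docker-build-cloud` anchor, but this same patch renames that heading in roles-and-permissions from `### Docker Build Cloud` to `### Docker Build Cloud permissions`, so the generated anchor changes and the fragment will no longer resolve. Update the fragment to match the new heading, and check for other inbound links to the renamed `### Docker Scout` heading. The file also still ends without a trailing newline.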
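Review bot: In the `compose-file/services.md` hunk, the `pre_stop` section's link is malformed: "[`post_start](#post_start)" is missing the closing backtick after `post_start`, so the inline code span will not render as intended. The new sections are also added as `## post_start` and `## pre_stop`, while the attribute that follows in context is `### privileged`; match the surrounding heading level. On the content, the only example pairs `user: root` with `privileged: true`, while the attribute list says only that `privileged` "Lets the `post_start` command run with privileged access"; say what that access covers or link to the existing `privileged` attribute, and consider an example that does not default to root plus privileged.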
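Review bot: In the "Deleting SSO" hunk of `admin-sso-management-connections.md`, the new sentence drops the earlier guidance that users without a password must "create a password reset". Users who have only ever signed in through SSO may not have a Docker password, so after the connection is deleted they need to know how to regain access. Keep a short clause pointing to the password reset flow. The new wording also repeats itself ("Once you delete this connection ... If an SSO connection is deleted"); the two sentences can be merged.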
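Review bot: In the last `admin-sso-management.md` hunk, the callout is written as `> [!Note]`, while the other callouts added in this patch use uppercase markers (`> [!NOTE]`, `> [!IMPORTANT]`). Use `> [!NOTE]` for consistency and to avoid depending on case-insensitive handling in the alert renderer.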